PT-2026-2532 · Linux+3 · Linux Kernel+3
Published: 2025-12-02 · Updated: 2026-06-16
CVE-2025-68800
CVSS v2.0: 6.4 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.18.0-rc1-custom-g1a3d6d7cd014
Description
The Linux kernel contained a use-after-free issue in the mlxsw spectrum_mr module. A missing mutex acquisition during multicast route deletion could lead to this condition when updating multicast route statistics. The issue was identified through KASAN (Kernel Address Sanitizer) detecting a slab-use-after-free in the mlxsw_sp_mr_stats_update function. The root cause was a race condition where a list entry could be deleted while being traversed for statistics updates.
Recommendations
Update to version 6.18.0-rc1-custom-g1a3d6d7cd014 or a later version to address this issue.
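The race from the description, modelled in userspace as an added example (not the kernel patch or mlxsw driver code): the deletion path takes the same mutex the statistics walker holds, so an entry is never unlinked and freed in the middle of a traversal. The struct and function names are hypothetical, and pthreads stand in for the kernel mutex and the periodic stats work.

```c
#include <pthread.h>
#include <stdlib.h>
/* Constructed userspace model; all names are hypothetical, not mlxsw code. */
struct route { struct route *next; unsigned long packets; };
struct mr_table {
    pthread_mutex_t lock;  /* guards the list and every entry linked on it */
    struct route *head;
    unsigned long walks;
};

/* Deletion path: unlink under the lock the walker holds, then free. */
static int route_del_first(struct mr_table *t) {
    pthread_mutex_lock(&t->lock);
    struct route *r = t->head;
    int found = (r != NULL);
    if (found) t->head = r->next;
    pthread_mutex_unlock(&t->lock);
    free(r);  /* r is unreachable from the list once unlinked */
    return found;
}

/* Periodic stats update: traverses the whole list with the lock held. */
static void *stats_worker(void *arg) {
    struct mr_table *t = arg;
    for (int i = 0; i < 2000; i++) {
        pthread_mutex_lock(&t->lock);
        for (struct route *r = t->head; r; r = r->next)
            r->packets++;
        t->walks++;
        pthread_mutex_unlock(&t->lock);
    }
    return NULL;
}

/* Deletes every route while the walker runs; 1 means both paths finished. */
int run_model(int nroutes) {
    struct mr_table t = { .lock = PTHREAD_MUTEX_INITIALIZER };
    pthread_t s;
    for (int i = 0; i < nroutes; i++) {
        struct route *r = calloc(1, sizeof(*r));
        if (!r) break;
        r->next = t.head;
        t.head = r;
    }
    int started = (pthread_create(&s, NULL, stats_worker, &t) == 0);
    while (route_del_first(&t)) {}  /* concurrent with the walker, serialized by lock */
    if (started) pthread_join(s, NULL);
    pthread_mutex_destroy(&t.lock);
    return started && t.head == NULL && t.walks == 2000;
}
```

Compile with `cc -pthread`. Building with `-fsanitize=thread` and taking the lock calls out of `route_del_first` makes the sanitizer report the unsynchronized list access this models.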
Exploit
Fix
Use After Free
Related Identifiers
Affected Products
Linux Mint
Linux Kernel
Rocky Linux
Ubuntu